1f1b5362a0f11d51d2167c564580d1627db400edec8a47e00d3751ae3895b076

Analysis

max time kernel
129s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 21:41

Target

1f1b5362a0f11d51d2167c564580d1627db400edec8a47e00d3751ae3895b076_NeikiAnalytics.exe
Size

79KB
MD5

16caa3a3a025c809512a182f9c3571e0
SHA1

a6a1807a68ae315a3dc3ea5073a2d6c69d50bd5e
SHA256

1f1b5362a0f11d51d2167c564580d1627db400edec8a47e00d3751ae3895b076
SHA512

d840c79cd64caa60790c4ccc521b34080c84aa7b26052a64a693c574c0b393b83af1a2d5f3329d3a7ea0815588e3017a405f43fa25cc859d6522560cf7334855
SSDEEP

1536:zvFTzZwU22BeTU1qgAOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zvFTmPUnqgVGdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3912	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 624	1360	1f1b5362a0f11d51d2167c564580d1627db400edec8a47e00d3751ae3895b076_NeikiAnalytics.exe	86
PID 1360 wrote to memory of 624	1360	1f1b5362a0f11d51d2167c564580d1627db400edec8a47e00d3751ae3895b076_NeikiAnalytics.exe	86
PID 1360 wrote to memory of 624	1360	1f1b5362a0f11d51d2167c564580d1627db400edec8a47e00d3751ae3895b076_NeikiAnalytics.exe	86
PID 624 wrote to memory of 3912	624	cmd.exe	87
PID 624 wrote to memory of 3912	624	cmd.exe	87
PID 624 wrote to memory of 3912	624	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\1f1b5362a0f11d51d2167c564580d1627db400edec8a47e00d3751ae3895b076_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1f1b5362a0f11d51d2167c564580d1627db400edec8a47e00d3751ae3895b076_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:624
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3912

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
79acc76d3ebd6c7a26870663855c7c6e

SHA1
c2dc15f0dbfc53cb0070fca680a77f8c2b531333

SHA256
fac26a3214e3482a2cbcccf1224f4789c9317ac49bb22929b0e302c200a41e71

SHA512
1902c9a69a59cd06706debf62c22fa6daf949412dd51616d1adb5ade68d65415d8675e2d28bc8003e89cd6fc408055f22c8e64d7cee18185c6bb6aeb0584e746

Download Submit
memory/1360-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3912-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download